As computer systems have become more and more commonplace, so too have they become increasingly interconnected. Data and applications are more easily transferred among computers, such as via the Internet or other networks. Such interconnectivity creates numerous security problems for individual computers. For example, a computer can become infected with a virus or other malicious application that attempts to obtain or destroy confidential information, impersonate another program, etc.
An additional problem facing system designers is that of user-friendliness. Security schemes or methods that are not easily understandable to the typical user are most likely not going to be used. If a user does not understand the security scheme, then the user will most likely either not use various features of the computer because he or she cannot figure out how to work within the constraints of the security scheme, or alternatively the user will simply bypass the security scheme, leaving his or her system vulnerable to attack.
Various security schemes have been proposed to guard against the compromise or loss of data on a computer. According to one such scheme, each application has its own security controls and features, protecting itself as well as the data it maintains. However, this forces a user to keep track of the different security controls, and their settings, for each application that he or she uses, which can quickly become overwhelming for the user. According to another such scheme, referred to as “sandboxing”, a program that is downloaded from the Internet is given a set of stringent functionality restrictions (e.g., all file accesses are prohibited). Although such sandboxing can provide security to the user's computer, it becomes increasingly difficult to implement as downloadable programs become more and more complex (e.g., programs may need access to files in order to function properly). Extensions to such sandboxing can be made, giving users the option to reduce the restrictions on such programs. However, such extensions again confront the user with the need to keep track of the different security settings for each such application that he or she uses, as well as to answer difficult questions about what applications he or she should permit to access the file system.
The invention described below addresses these disadvantages, providing an enhanced computer system security scheme in a user-friendly manner.